Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx
Vulnerability Description
Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
Newforma Project Center Server 安全漏洞
Vulnerability Description
Newforma Project Center Server是Newforma公司的一个建筑、工程和施工(AEC)行业的项目信息管理解决方案,用于集中存储和管理项目文档和协作。 Newforma Project Center Server存在安全漏洞,该漏洞源于RemoteWeb/IntegrationServices.ashx允许远程未经验证的攻击者使NIX建立SMB连接到攻击者控制的系统,可能导致捕获NIX服务账户的NTLMv2哈希。
CVSS Information
N/A
Vulnerability Type
N/A